Senior Cyber Security Analyst


Reference:
VAC-922
Job Titles:
IT, Telecomms and Communications, Security
Salary:
£80,000 to £100,000 per annum
Benefits:
15% Bonus, Extensive Benefits including pension, gym, medical etc
Town/City:
London
Contract Type:
Permanent

Description

Summary

Our client is one of the world's leading law firms, helping clients achieve their goals by combining the highest global standards with local expertise. The firm has unrivalled scale and depth of legal resources across the three key markets of the Americas, Asia and Europe and focuses on the core areas of commercial activity: capital markets; corporate and M&A; finance and banking; real estate; tax; pensions and employment; litigation and dispute resolution.

Alongside world-class legal careers, our client offers excellent opportunities in the support functions that underpin its business operations. By joining us in Business Services, you will help us to innovate in the way we deliver our services and enable us to run a successful multinational business that never stands still. Business Services are integral to the running of the firm and are critical to its success.

Our client is not alone in facing increasing cyber security threats and information risks. We are a small team that works closely with our colleagues in Information Security, other parts of IT and right across the firm globally.

The Cyber Security Analyst will have a solid IT background covering Operating Systems, IP Networking, firewalls and boundary controls, IDS/IPS, coupled with excellent troubleshooting skills. This role will suit a highly motivated individual with keen attention to detail, who can demonstrate an exceptional analytical skill set and knowledge of current and evolving Cyber threats and developing strategies for their detection and mitigation.

Key Responsibilities:
• Lead and supervise the Cyber Security team dedicated to monitoring for cyber security incidents, and report to the Head of Cyber Security.
• Take operational ownership of a 24/7/365 Managed Security Service ensuring tickets are closed based on defined SLAs.
• Create and respond to help desk tickets as part of the Cyber Security team.
• Maintain and test the Cyber Incident Response Plan and continuously improve processes and procedures.
• Maintain the relationship with the Managed Security Services Provider and lead weekly Rolling Action Items List meetings with the Cyber Security team.
• Mentoring of junior team members in all aspects of Cyber Security.
• Conduct research pertaining into cyber threats, campaigns, vulnerabilities, and technological advances in combating unauthorized access.
• Investigate alerts, anomalies, errors, intrusions, and malware for evidence of compromise.
• Perform incident analysis, determine root cause and proper mitigation of cyber security events.
• Engage with other teams to mitigate cyber security threats, improve processes, and improve security posture, analysing threat intelligence for relevancy, impact, and exposure.
• Participate in cyber security incident response scenarios by collecting, analysing, and preserving digital evidence; ensure that cyber security incidents are recorded and documented according to procedure.
• Support the Information Security team with client audits.
• Collaborate with other senior IT leads providing cyber security engineering and architecture support to existing and new services.
• Conduct network, endpoint, and log analysis (by utilizing SIEM, IPS, Firewall, Proxy, AV etc) to determine the extent of the compromise, attributes of any malware and possible data exfiltrated.
• Interface with the firm's Vulnerability Management service and provide reports and metrics to IT Operations and Information Security.
• Ensure that all incidents, alerts and exceptions are responded to in accordance with established procedures.
• Research and incorporate relevant threat intelligence during the incident investigation and in written and verbal reports.
• Maintain current knowledge of tools and best-practices in advanced persistent threats; tools, techniques, and procedures of attackers; and forensics and incident response.
• Track cyber threat actors/campaigns based from technical analysis and open source intelligence.
• Provide support to vulnerability analysis, penetration testing and compliance monitoring activities.
• Manage external certificates.
• Metrics reporting for Service Management and Incident Management.

Qualifications

Skills & Experience:

• Demonstrates a solid working knowledge and an understanding of cyber security procedures, threats, alerts, anomalies, potential intrusion tactics, with related work experience in an information security role with a cyber security focus.
• Demonstrated Cyber Incident Response/Forensics/Vulnerability analysis background
• Must be able to handle multiple deadlines, and to effectively perform during high pressure or stressful situations.
• Must possess excellent analytical, troubleshooting, and problem-solving skills.
• Desirable to have advanced knowledge and experience in the Incident Response Life Cycle (NIST 800-61 Rev 2)
• Should be able to perform research to solve problems in a creative and repeatable manner
• Proven capability to manage a team of Security Analysts with on-call rota.
• You will have knowledge of current and emerging advanced cyber threats, attack and evasion techniques, command and control infrastructures and insider threat behaviour.
• Excellent organization and time management skills.
• Proven capability and experience of investigating, managing and remediating cyber security incidents with an ability to make sound decisions and judgements.
• Ability to produce and present technical information to both technical and non-technical personnel.
• You will have extremely good organisational, communication and documentation and administration skills with a good eye for detail.
• You will understand typical malware functionality and capabilities.
• Experience producing security documentation and other technical analysis reports
• Ability to build capability in other analysts through on-the-job training and knowledge sharing.
• Skilled in cyber security procedures and incident response, and possesses an understanding of TCP/IP, common network protocols, and related security applications.
• Demonstrable experience in Intrusion Detection and analysis.
• Experience working in a team-oriented, collaborative environment.
The following elements are considered as essential knowledge and the candidate must be able to explain/demonstrate the configuration, management and maintenance of the following:

  • Vulnerability Management
  • Firewalls
  • SIEM
  • IDS/IPS
  • Endpoint Protection (including anti-malware, Application Control, DLP and Device Control)
  • Web Security
  • Email Security
  • Forward & Reverse Proxies
  • Identity & Access Management
  • PKI
  • Windows & UNIX/Linux operating systems (including hardening and patching of core OS as well as utilisation of command line tools)

Technical Experience include:


Administration of:
Windows Server (2003, 2008 and 2012)
Linux (primarily Red Hat Enterprise Linux)
UNIX (e.g. FreeBSD or Solaris based systems)

Knowledge of:
Wireshark / tcpdump
Metasploit
Snort / Suricata
netcat
Nessus
Nmap
Encase

Identification of web attack vectors, e.g:
SQL Injection
XSS
CSRF
Session-hijacking
Use of scripting languages, e.g.:
Powershell
Bash
Perl
Ruby

Desirable certifications include:-
Certified Information Systems Security Professional (CISSP) – preferred but not essential
GIAC Certified Intrusion Analyst (GCIA)
GIAC Certified Incident Handler (GCIH)
GIAC Certified Forensic Analyst (GCFA)
Certified Ethical Hacker (CEH)
Enterprise Security product certifications in endpoint, firewall, IDS/IPS, SIEM an advantage.